SQL injection
A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to SQL injection. The identifier of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix thi...
CVE-2014-125075
CVE-2014-125075 affects gmail-servlet, specifically the search function in src/Model.java, where a SQL injection vulnerability exists. The issue is described across multiple sources as a critical flaw in gmail-servlet leading to SQL injection. The patch identifier 5d72753c2e95bb373aa86824939397dc...
CVE-2016-15015
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The...
Node v18.13.0 (LTS)
Node v18.13.0 LTS By Danielle Adams, Jan 06, 2023 Notable changes Add support for externally shared js builtins By default Node.js is built so that all dependencies are bundled into the Node.js binary itself. Some Node.js distributions prefer to manage dependencies externally. There are existing...
CVE-2017-20163
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to SQL injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...
SQL injection
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to SQL injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...
CVE-2017-20163
Red Snapper NView is affected; the mutate function in src/Session.php is vulnerable to SQL injection via the session parameter. The patch cbd255f55d476b29e5680f66f48c73ddb3d416a8 is recommended as a fix. A temporary workaround from PT-2023-10615 suggests disabling mutate or restricting access to ...
aXMLRPC XML External Entity vulnerability
A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to XML external entity reference. Upgrading to version 1.12.1 is able...
Debian dla-3257 : emacs - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3257 advisory. Debian LTS Advisory DLA-3257-1 https://www.debian.org/lts/security/...
SimbCo httpster vulnerable to Path Traversal
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is...
GHSA-P8J8-WXVP-H695 SimbCo httpster vulnerable to Path Traversal
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is...
CVE-2020-36629
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is...
CVE-2020-36629
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is...
Path traversal
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is...
CVE-2022-4638
A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the...
CVE-2022-4633
A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched...
PYSEC-2022-43151
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc...
CVE-2022-44940
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc...
CVE-2022-44940
Patchelf v0.9 contains an out-of-bounds read via modifyRPath in patchelf.cc (CVE-2022-44940). Several advisories (Ubuntu USN-6036-1, Mageia MGASA-2023-0179, OSV entries) confirm the issue and note a fix has been released in updated Patchelf packages; affected users should apply the vendor-provide...
Updated emacs packages fix security vulnerability
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...